salman/igny8
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix middleware: Don't set request.user, only request.account

Browse Source 
- Middleware should only set request.account, not request.user
- Let DRF authentication handle request.user setting
- This prevents conflicts between middleware and DRF authentication
- Fixes /me endpoint returning wrong user issue
This commit is contained in:
IGNY8 VPS (Salman)
2025-11-16 19:49:55 +00:00
parent f84be4194f
commit 9f3c4a6cdd
1 changed files with 2 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
backend/igny8_core/auth/middleware.py
View File

@@ -76,7 +76,6 @@ class AccountContextMiddleware(MiddlewareMixin):
if not JWT_AVAILABLE: if not JWT_AVAILABLE:
# JWT library not installed yet - skip for now # JWT library not installed yet - skip for now
request.account = None request.account = None
request.user = None
return None return None
# Decode JWT token with signature verification # Decode JWT token with signature verification
@@ -94,10 +93,9 @@ class AccountContextMiddleware(MiddlewareMixin):
if user_id: if user_id:
from .models import User, Account from .models import User, Account
try: try:
# Refresh user from DB with account and plan relationships to get latest data # Get user from DB (but don't set request.user - let DRF authentication handle that)
# This ensures changes to account/plan are reflected immediately without re-login # Only set request.account for account context
user = User.objects.select_related('account', 'account__plan').get(id=user_id) user = User.objects.select_related('account', 'account__plan').get(id=user_id)
request.user = user
if account_id: if account_id:
# Verify account still exists and matches user # Verify account still exists and matches user
account = Account.objects.get(id=account_id) account = Account.objects.get(id=account_id)
@@ -118,18 +116,14 @@ class AccountContextMiddleware(MiddlewareMixin):
request.account = None request.account = None
except (User.DoesNotExist, Account.DoesNotExist): except (User.DoesNotExist, Account.DoesNotExist):
request.account = None request.account = None
request.user = None
else: else:
request.account = None request.account = None
request.user = None
except jwt.InvalidTokenError: except jwt.InvalidTokenError:
request.account = None request.account = None
request.user = None
except Exception: except Exception:
# Fail silently for now - allow unauthenticated access # Fail silently for now - allow unauthenticated access
request.account = None request.account = None
request.user = None
return None return None